Re: [Phpslash-devel] yet more suggestions for .73...
From: nathan r. h. <na...@ds...> - 2003-05-11 13:27:56
Hi,

On Sat, 10 May 2003, Luis M wrote:
>
> ummm it seems that posting code to an article causes phpslash to parse the
> code. This makes yet another suggestion for the future release:
>
> #. Do not parse code coming from articles.
>
> Things like having $php variables, or {VAR} containers for templates... They
> should all be escaped if the text comes from an article. That could
> potentially eliminate all types of cross-site scripting and sql-code
> injection that <i>might</i> be lurking in the phpslash code...
>

Can you please give a very specific example of what exactly you did to discover
this (including html/exttrans/plain settings, phpversion, phpslash version,
os version, browser, and a step-by-step regression)?

Does this happen every time? If so I'd like to fix this and get it out pronto.

-n
--
------
nathan hruby
na...@ds...
------